upstream/mercurial-mirror Commit - r15813:3ae04eb5

sslutil: handle setups without .getpeercert() early in the validator...

Mads Kiilerich -

r15813:3ae04eb5 default

parent child

mercurial/sslutil.py

0 +25 -25

@@ -103,6 +103,13 b' class validator(object):'
103	host = self.host	103	host = self.host
104	cacerts = self.ui.config('web', 'cacerts')	104	cacerts = self.ui.config('web', 'cacerts')
105	hostfingerprint = self.ui.config('hostfingerprints', host)	105	hostfingerprint = self.ui.config('hostfingerprints', host)
		106	if not getattr(sock, 'getpeercert', False): # python 2.5 ?
		107	if hostfingerprint:
		108	raise util.Abort(_("host fingerprint for %s can't be "
		109	"verified (Python too old)") % host)
		110	self.ui.warn(_("warning: certificate for %s can't be verified "
		111	"(Python too old)\n") % host)
		112	return
106	if cacerts and not hostfingerprint:	113	if cacerts and not hostfingerprint:
107	msg = _verifycert(sock.getpeercert(), host)	114	msg = _verifycert(sock.getpeercert(), host)
108	if msg:	115	if msg:
@@ -111,28 +118,21 b' class validator(object):'
111	'insecurely)') % (host, msg))	118	'insecurely)') % (host, msg))
112	self.ui.debug('%s certificate successfully verified\n' % host)	119	self.ui.debug('%s certificate successfully verified\n' % host)
113	else:	120	else:
114	if ~~getattr~~(~~sock~~, ~~'getpeercert'~~, ~~Fals~~e):	121	peercert = sock.getpeercert(True)
115	~~peercer~~t = ~~sock~~.~~getpeercert~~(~~True~~)	122	peerfingerprint = util.sha1(peercert).hexdigest()
116	peerfingerprint = util.sha1(peercert).hexdigest()	123	nicefingerprint = ":".join([peerfingerprint[x:x + 2]
117	~~nicefingerprint~~ = ~~":"~~.~~join~~([~~peerfingerprint~~[x:x + 2]	124	for x in xrange(0, len(peerfingerprint), 2)])
118	for x in xrange(0, len(peerfingerprint), 2)])	125	if hostfingerprint:
119	if ~~host~~fingerprint:	126	if peerfingerprint.lower() != \
120	if ~~peerfingerprint~~.lower() != \	127	hostfingerprint.replace(':', '').lower():
121	hostfingerprint.replace(':', '').lower():	128	raise util.Abort(_('invalid certificate for %s '
122	raise util.Abort(_('invalid certificate for %s '	129	'with fingerprint %s') %
123	~~'with~~ fingerprint %s') %	130	(host, nicefingerprint))
124	(host, nicefingerprint))	131	self.ui.debug('%s certificate matched fingerprint %s\n' %
125	self.ui.debug('%s certificate matched fingerprint %s\n' %	132	(host, nicefingerprint))
126	(host, nicefingerprint))	133	else:
127	else:	134	self.ui.warn(_('warning: %s certificate '
128	self.ui.warn(_('warning: %s certificate '	135	'with fingerprint %s not verified '
129	'~~with~~ fingerprint %s ~~not verified~~ '	136	'(check hostfingerprints or web.cacerts '
130	'~~(check hostfingerprints or web.cacerts~~ '	137	'config setting)\n') %
131	~~'config setting)~~\n') %	138	(host, nicefingerprint))
132	(host, nicefingerprint))
133	else: # python 2.5 ?
134	if hostfingerprint:
135	raise util.Abort(_("host fingerprint for %s can't be "
136	"verified (Python too old)") % host)
137	self.ui.warn(_("warning: certificate for %s can't be "
138	"verified (Python too old)\n") % host)

General Comments 0

Write
Preview

You need to be logged in to leave comments. Login now

No TODOs yet

	Site-wide shortcuts
/	Use quick search box
g h	Goto home page
g g	Goto my private gists page
g G	Goto my public gists page
g 0-9	Goto bookmarked items from 0-9
n r	New repository page
n g	New gist page

	Repositories
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository access permissions settings
t s	Toggle sidebar on some pages